Dis/Enabling specific scripts on specific websites

Bug reports and enhancement requests
ZEROONE
Posts: 1
Joined: Sat May 19, 2018 10:59 pm

Dis/Enabling specific scripts on specific websites

Post by ZEROONE » Sat May 19, 2018 11:06 pm

Hi
I'm using websites that use (amongst others) the ...jwpcdn.com and …jwplatform.com scripts.
It's bothersome to reactivate the scripts and reload the page a few times before the page works as needed, but it's the only possibility to prevent these commonly used (presumably JavaScript) scripts from working on other sites.
I suggest adding a "Disable <script> on website <website> else <disable>" function to this program.
I'm looking forward to a possible change/response.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

barbaz
Senior Member
Posts: 9824
Joined: Sat Aug 03, 2013 5:45 pm

Re: Dis/Enabling specific scripts on specific websites

Post by barbaz » Sat May 19, 2018 11:40 pm

Per-site permissions and reintroducing ABE are already planned. At least one of those will provide the ability to do what you want.
*Always* check the changelogs BEFORE updating that important software!

skriptimaahinen
Senior Member
Posts: 215
Joined: Wed Jan 10, 2018 7:37 am

Re: Dis/Enabling specific scripts on specific websites

Post by skriptimaahinen » Sun May 20, 2018 6:53 am

If you set only "script" privilege for those domains, then it will only be javascript that you get from there (so yes, definitely javascript).

Do note that these scripts cannot run on any other page unless you have allowed scripts for that page.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0

FranL
Senior Member
Posts: 84
Joined: Sun Dec 03, 2017 4:17 pm

Re: Dis/Enabling specific scripts on specific websites

Post by FranL » Sun May 20, 2018 6:28 pm

skriptimaahinen wrote: Do note that these scripts cannot run on any other page unless you have allowed scripts for that page.
If you allow scripts from domain jwpcdn.com on any page, then scripts from jwpcdn.com can execute on all other pages too (UPDATE: except see the below replies for an exception).
Last edited by FranL on Mon May 28, 2018 4:03 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

skriptimaahinen
Senior Member
Posts: 215
Joined: Wed Jan 10, 2018 7:37 am

Re: Dis/Enabling specific scripts on specific websites

Post by skriptimaahinen » Sun May 20, 2018 9:35 pm

My point as example:

Assume site A.com that uses scripts from jwpcdn.com. You have allowed both and the scripts work for the site as expected.

You go to site B.com, that also tries to use scripts from jwpcdn.com, but you have NOT allowed scripts for site B.com. Scripts from NEITHER B.com nor jwpcdn.com are run on B.com!

If you do allow B.com, then scripts from jwpcdn.com are also run on B.com without need to re-allow jwpcdn.com.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0

FranL
Senior Member
Posts: 84
Joined: Sun Dec 03, 2017 4:17 pm

Re: Dis/Enabling specific scripts on specific websites

Post by FranL » Mon May 21, 2018 12:17 am

skriptimaahinen wrote: Assume site A.com that uses scripts from jwpcdn.com. You have allowed both and the scripts work for the site as expected.

You go to site B.com, that also tries to use scripts from jwpcdn.com, but you have NOT allowed scripts for site B.com. Scripts from NEITHER B.com nor jwpcdn.com are run on B.com!
Is this true even if the static HTML at B.com directly loads the script from jwpcdn.com using <script src="http://jwpcdn.com/...">?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

skriptimaahinen
Senior Member
Posts: 215
Joined: Wed Jan 10, 2018 7:37 am

Re: Dis/Enabling specific scripts on specific websites

Post by skriptimaahinen » Mon May 21, 2018 3:55 am

Yes. If you have not allowed the site, NoScript will set CSP (Content-Security-Policy) directive script-src:'none'. This will prevent any and all scripts from running on the site, including inline scripts, on-event handlers and script-tags.

You can check this for yourself by opening the developer toolbar (shift-F2) and typing "security csp". This will show all the active CSP rules. Note that some sites might add their own rules too.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
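
Added example, not part of the thread and not NoScript's code: a simplified model of how a browser combines several Content-Security-Policy policies, showing why an injected script-src 'none' blocks jwpcdn.com scripts, inline scripts and event handlers even when the site's own rules would allow them. The function names and both sample policies are assumptions constructed for illustration.

```javascript
// Added illustration: simplified CSP script-src evaluation (not NoScript's code).
// Not modelled: nonces, hashes, 'strict-dynamic', script-src-elem/-attr,
// scheme-only sources, ports and paths.

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return directives;
}

// Match one source expression against the host a script is loaded from.
function hostMatches(source, host, pageHost) {
  if (source === "'self'") return host === pageHost;
  if (source.startsWith("'")) return false; // 'none' and other keywords match no host
  const pattern = source.replace(/^[a-z][a-z0-9+.-]*:\/\//, '').split('/')[0];
  if (pattern === '*') return true;
  // "*.example.com" covers subdomains only, not example.com itself.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return host === pattern;
}

// script: { kind: 'inline' } (inline <script> or on-event handler)
//      or { kind: 'external', host: 'cdn.example' } (<script src=...>)
function policyAllows(policy, script, pageHost) {
  const directives = parsePolicy(policy);
  // script-src falls back to default-src when it is absent.
  const sources = directives.get('script-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // this policy does not restrict scripts
  if (script.kind === 'inline') return sources.includes("'unsafe-inline'");
  return sources.some((s) => hostMatches(s, script.host, pageHost));
}

// Every policy active on the page is enforced; a single refusal blocks the script.
function scriptRuns(policies, script, pageHost) {
  return policies.every((p) => policyAllows(p, script, pageHost));
}

// Constructed sample policies (assumptions, not captured from a real site).
const SITE_POLICY = "default-src 'self'; script-src 'self' jwpcdn.com";
const BLOCK_ALL = "script-src 'none'";
```

Because policies only ever narrow each other, a site's own permissive rule cannot re-enable scripts on a page where a block-all policy is also active.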
